jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add ping capability (for statping)

Browse Source
This commit is contained in:
Girish Ramakrishnan
2020-06-30 07:31:24 -07:00
parent bc6e652293
commit 0f103ccce1
4 changed files with 9 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/docker.js
View File

@@ -307,7 +307,7 @@ function createSubcontainer(app, name, cmd, options, callback) {
DnsSearch: ['.'], // use internal dns
SecurityOpt: [ 'apparmor=docker-cloudron-app' ],
CapAdd: [],
CapDrop: [ 'NET_RAW' ] // https://docs-stage.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
CapDrop: []
},
NetworkingConfig: {
EndpointsConfig: {
@@ -319,8 +319,11 @@ function createSubcontainer(app, name, cmd, options, callback) {
};
var capabilities = manifest.capabilities || [];
// https://docs-stage.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
if (capabilities.includes('net_admin')) containerOptions.HostConfig.CapAdd.push('NET_ADMIN', 'NET_RAW');
if (capabilities.includes('mlock')) containerOptions.HostConfig.CapAdd.push('IPC_LOCK'); // mlock prevents swapping
if (!capabilities.includes('ping')) containerOptions.HostConfig.CapDrop.push('NET_RAW'); // NET_RAW is included by default by Docker
containerOptions = _.extend(containerOptions, options);